Securing the evidence

With advanced smartphone features such as Find My iPhone and remote wipes, securing a mobile phone in a way such that it cannot be remotely wiped is of great importance. Also, when the phone is powered on and has service, it constantly receives new data. To secure the evidence, use the right equipment and techniques to isolate the phone from all networks. With isolation, the phone is prevented from receiving any new data that would cause active data to be deleted. Depending on the case, other forensic techniques such as fingerprint matching may need to be employed to establish a connection between the device and its owner. If the device is not handled in a secure manner, physical evidence may be unintentionally tampered with and may be rendered useless.

It is also important to collect any peripherals, associated media, cables, power adapters, and other accessories that are present at the scene. At the scene of investigation, if the device is found to be connected to a personal computer, pulling it directly would stop the data transfer. Instead, it is recommended to capture the memory of the personal computer before pulling the device, as this contains significant details in many cases.